PGP creator aims to keep digital communications strictly confidential with Silent Circle
By Paul Ridden
July 29, 2012
Being able to communicate without fear of prying eyes and ears intercepting could literally mean the difference between life and death for journalists uncovering corruption in high places, campaigners and activists trying to make the world a better place, or undercover agents engaged in covert operations. The creative force behind well-known email encryption software PGP (Pretty Good Privacy) had just such folks in mind when developing his latest digital security product. Phil Zimmermann has created a new suite of high-end encrypted communication products that combine with a custom-made secure network to ensure that the sender and recipient(s) are the only people able to access email, voice, video and text comms routed through the Silent Circle system.
Silent Circle is described as a worldwide encrypted communications firm that delivers a comprehensive suite of high-end private encrypted communication services for email, mobile phone, text and video conferencing. In addition to Zimmermann, the company's development team includes fellow Silicon Valley pioneer and co-founder of the PGP Corporation Jon Callas and two highly decorated Navy Sea, Air, and Land (SEAL) operatives in the shape of ex-Commander Vic Hyder and former sniper and Special Ops comms expert Mike Janke.
The suite is made up of four products, the first of which is the "Silent Phone" app which allows iOS/Android smartphone users to make and receive encrypted voice and video calls via Silent Circle's custom-built HD Network named The Circle.
"We offer a secure calling plan to provide users the ability to send and receive calls to anyone outside of The Circle (people who are not yet subscribers)," Janke explained. "For calls made inside The Circle, we offer unlimited minutes in Canada, the U.S. and Puerto Rico. It's the only app that provides amazing encrypted video/voice call (similar to FaceTime) on 3G, 4G or Wi-Fi so users can conduct encrypted video conferences on their iPhones while traveling. The peer-to-peer encryption uses the ZRTP protocol invented by Phil Zimmermann. Keys are exchanged on the mobile devices themselves not on a server."
Pretty good email encryption
Next up is the email encryption application "Silent Mail" that makes use of Zimmermann's PGP technology and PGP Universal Server technology invented by Callas to provide secure email via SSL SMTP to a custom-built, proprietary network. Users will be allocated a special @SilentMail.com email account, which can be set up to work with existing email clients like Outlook and Mac Mail.
PGP encryption technology is, of course, already offered by Symantec but is aimed directly at enterprise. Silent Circle has been developed specifically with security conscious individuals, human rights groups, oppressed dissidents, NGOs, special operations units, small businesses and corporations in mind.
"The world has changed a lot in the last twenty years," said Janke. "Remember that the original PGP came out in 1991. In those days, there was a general attitude that one didn't need encryption unless one was up to no good. That has changed completely. In the 2000s, breach disclosure laws, Sarbanes-Oxley, HIPAA, and other legal changes have turned this around completely."
"Today, encryption provides safe harbors from liability and prosecution as well as being a quasi-mandate. Breach disclosure laws provide safe harbors via encryption, and this nearly becomes a mandate for it. Similarly, while neither SOX nor HIPAA actually mandate encryption, the requirements that they place on organizations are easier to satisfy with encryption than with other solutions. Storage encryption is now a built-in feature of Windows, Mac OS X, iOS, and Android. Communications encryption still lags in many areas, and it is these areas where Silent Circle focuses."
Secure text messages and VOIP
"Silent Text" is the company's IM/text app that uses Silent Circle Instant Message Protocol to secure messages sent from iOS/Android phones (adheres to NIST recommendations AES 128/256 ECC-DH). Janke told us that senders can "send text, pictures, video, recordings and control whether the recipient can keep them or whether they disappear within a timed limit. With our unique Burn Notice button, a user can set a timer for how long media/text lasts before completely being burned off. Users can also control if recipient can save, forward or keep sent Media/Text or if it disappears completely after closing the app … the user is in control."
ZRTP technology (session DH keys, SAS, key continuity, 256-bit AES and 3072-bit key exchange) makes another appearance with the "Silent Eyes" app, a Mac/Windows VOIP encryption client similar to Skype or iChat/FaceTime that offers "complete end-to-end encrypted video and voice services."
How much is digital security worth to you?
Silent Circle will be a subscription-based service, so we asked Janke just how secure and private customer comms will be.
"Essentially, we have created a closed-loop-system where the customer holds the encryption keys and we have no access," the company's CEO replied. "The world has accepted encryption and now relies on encryption for every facet of commerce, business and finance. Phil, Jon and I took all of the lessons learned from the past and present day law, to construct every facet of Silent Circle to be built upon protecting the users - even from a legal jurisdiction point of view."
"We spent a long time designing and building the network and the apps based upon lessons-learned from Phil's crypto-wars experience and from mine in the Special Operations world. While there was a lot of drama in the press at the time, the problems that dogged PGP were all related to either intellectual property, or export control. The world has changed with regards to both. Core cryptographic technologies are not inherently encumbered any more. Export control is no harder than doing one's taxes. Esther Dyson is famous for saying always make new mistakes. If we have problems, they'll be new ones, not the old ones."
"We have our fiber optic system, our entire equipment and our custom-built network (that we call The Circle) in several locations in Canada. Canada has the most stringent privacy laws anywhere in the world, thus giving Silent Circle users a progressive privacy-minded legal system with which to deal, but laws change - we know that. So we built our system to ensure the individual devices hold the encryption keys. It forces the legal system of any country to work with the individual - not us."
"In addition, our custom-built PBXs are designed to allow voice and video to pass through, rather than store anything. Any data we have is completely encrypted and we don't hold the keys - the customers do."
Janke also confirmed that "once data is deleted by a user, it is gone from our network as well simultaneously - we have no idea what the data is, as it is encrypted from the users end." User activity logs are retained for 72 hours (then discarded) but only the date and time are recorded.
By necessity, some customer information is kept by the company for longer - such as email addresses and payment information. Janke explained that "payment information is shared with the payment processor for the sole purpose of completing the transaction and getting you in The Circle. This necessary personal data is stored in a secured encrypted server and only our employees with a legitimate need-to-know have access. We understand this is important to the customers. It is important to us as well."
Almost ready for launch
Silent Circle is currently in Beta phase one testing and is set to move into phase two by the middle of next month. If all goes according to plan, the system will be launched world-wide on September 17.
Janke revealed that Silent Circle will be available as three distinct packages. The full suite will include all four Silent Circle products, with free unlimited encrypted calls over 3G/4G or Wi-Fi within "The Circle" (to other subscribers). Each user will be given a unique personal encrypted phone number. The cost for unlimited data and text will be US$20 per month (in addition to a user's regular network charges).
The second package is the Secure Calling Program that will feature the "Silent Phone" app only, and will come with unlimited calling in U.S./Canada/PR to anyone in or out of our network for $39 per month.
Lastly, there will be a Bundled Program that includes all four encrypted products plus the secure unlimited calling plan for $55 per month.
Source: Silent Circle
The following video features the four company founders talking about digital security and Silent Circle: